<?php
include ('../inicio/conectarse.php');
if (!isset($_SESSION)) {
  session_start();
}

	//Function to sanitize values received from the form. Prevents SQL injection
	function clean($str) {
		$str = @trim($str);
		if(get_magic_quotes_gpc()) {
			$str = stripslashes($str);
		}
		return mysql_real_escape_string($str);
	}
	
	//Sanitize the POST values
	$descripcion = clean($_POST['descripcion']);
	$fecha= clean($_POST['fecha']);
	
	if($_SESSION['UPDATE']==0){
		//Create INSERT query
		$qry = "INSERT INTO reclamos(descripcion, fecha) 
				VALUES('$descripcion','$fecha')";
		$result = mysql_query($qry);
		//Check whether the query was successful or not
		if($result) {
			header("location: ../../paginas/admin/index.php");
			exit();
		}else {
			die("Query failed");
		}
	}else{	
		$id=$_SESSION['ID'];
		$qry = "UPDATE reclamos SET descripcion = '$descripcion', fecha = '$fecha'  WHERE ID_RECLAMO=".$id;
	
		$result = mysql_query($qry);
		//Check whether the query was successful or not
		if($result) {
			header("location: ../../paginas/admin/index.php");
			exit();
		}else {
			die("Query failed");
		}
	}
?>